Cryptocurrency phishing scams continue to plague unsuspecting users, as evidenced by recent wallet-draining attacks netting scammers approximately $3 million worth of cryptocurrency in just 24 hours. This latest theft comes on the heels of a dangerous phishing campaign that has already drained $59 million from victims in 2023 alone.
According to reports, scammers are utilizing Google Ads to promote convincing but fake versions of popular Web3 sites like Zapper, Lido, Stargate, and more. When victims visit these fraudulent sites, malware known as MS Drainer is installed on their devices, allowing the criminals behind the operation to swiftly drain cryptocurrency wallets once they are connected. A mixture of digital assets including Wrapped Bitcoin, Aave Polygon USDT, Aave USDC, and Tether were stolen over the Christmas holiday.
This scam campaign has been ongoing since April 2023 when security researchers first notified Google about the issue, though the tech giant has yet to take action to shut down the offending ads. In total, researchers have identified over 10,000 fake phishing sites equipped with MS Drainer, which has so far drained nearly $59 million from over 63,000 victims.
The recent thefts over the holidays serve as an urgent reminder that cryptocurrency holders must be extra vigilant about double and triple-checking site URLs and closely reviewing transaction approvals. As one security expert noted, phishing is the number one threat facing crypto users today. The only defense is carefully verifying every wallet signature request to ensure funds are not being funneled to scammer-controlled addresses. Users should be on high alert when connecting their wallets to any platform to avoid devastating losses.
#CryptocurrencyScams #PhishingAttacks #FakeWebsites
